[Cryptography] Fwd: OPENSSL FREAK

Ray Dillinger bear at sonic.net
Mon Apr 6 18:08:02 EDT 2015



On 04/06/2015 11:55 AM, Bill Frantz wrote:

> I think there may be useful application areas where there are good
> answers to these questions. The IoT seems a likely place. However, I
> still think the option of regular software upgrades is probably a better
> option for most uses.

Yes, the Internet of Things as it's being called is scary as hell
because you know that software will not be updated in any organized
way - especially when the company that sold the "thing" is out of
business or loses a patent lawsuit or something.  Or somebody
who makes a business model of "give away the thing, charge for the
updates" is going to have a bunch of customers who are perfectly happy
with the way their toaster or thermostat or doorbell or whatever
works now and don't want to pay for a software update for it,
or whatever.

In the absence of timely, reliable upgrades, there really does
need to be some kind of "kill switch" to shut down discovered
vulnerable configuration options, or those "things" will become
the gateway for crooks to get into the rest of the owner's
network.

			Bear
